Survey: Gambling on Compliance Audits

Monday, October 8, 2012 @ 10:10 AM gHale


Despite companies having corporate security and compliance policies, there is a widespread lack of confidence among respondents in their effectiveness, new research showed.

A vast majority of respondents (84 percent) believe employees/co-workers violate security and compliance policies for transferring files electronically, and only 45.5 percent feel workers understand these policies, according to the survey by cloud-based data delivery services provider DataMotion.

Adding to respondents’ compliance woes, nearly one in three admit their company knowingly takes risks because they don’t have the resources to be totally compliant. With all that understood, only 37.5 percent of respondents are very confident their organization would pass a compliance audit if selected.

The survey polled more than 200 IT and business decision-makers across the U.S. and Canada to gain insight into corporate email and file transfer (FTP) habits. While this survey did not focus purely on the manufacturing automation market, it does give a snapshot of what companies are doing and thinking.

Inadequate Security and Compliance Policies: Though 80 percent said their company has security and compliance policies for transferring files electronically, respondents feel not everyone knows or follows them.
• 45.5 percent feel employees/co-workers fully understand these policies.
• 84 percent believe employees/co-workers routinely or occasionally violate security and compliance policies.

Vulnerabilities in Secure Email and File Transfer Capabilities: The ability to send sensitive information securely and compliantly via email is vital. Yet, despite growth in usage, survey data shows companies are still lacking basic tools for secure data delivery.
• 34.5 percent do not have the ability to encrypt email.
• 28.9 percent said their company does not monitor the content of outbound email and file attachments for compliance purposes.
• 42.5 percent are only “somewhat” confident in the technology their company uses for filtering outbound email and file attachments for compliance purposes, and an additional 3.8 percent are not confident at all.
• 54 percent do not have a single tool for securely encrypting sensitive email and transferring files.

“Rolling the Dice” on Audits: Failing to pass a compliance audit can result in costly fines and damaged reputations. Even so, the survey shows companies are taking risks, either because they lack the resources to fully comply or because they don’t feel it’s likely their organization will have an audit.
• When asked to describe their company’s approach to compliance, 31.5 percent said they take risks because they don’t have the resources to be totally compliant.
• 38.6 percent feel it is not likely their company will get a compliance audit in the next 12 months, with 37.5 percent saying it is only “somewhat” likely.
• 37.5 percent of respondents are very confident their company would pass a compliance audit.

“Data breaches are more prevalent than ever and regulatory agencies are handing out millions of dollars in fines for privacy and security violations, yet this survey shows companies are still cutting corners,” said DataMotion’s Chief Technology Officer, Bob Janacek.

“Some companies mistakenly believe suffering a data breach would be less expensive than the cost of being compliant,” he said. “What they fail to consider is the price they’ll pay goes far beyond compliance fines. In addition to investigation, legal fees and costs associated with new prevention efforts, there’s always severe backlash from a tarnished reputation. The fact is, cost-effective, easy-to-deploy, user-friendly secure data delivery solutions are available that can go a long way in eliminating security risks and ensuring compliance.”


